Mapping a Specific Client Certificate to a User Account
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1
Use the following procedure to map a specific client certificate to a user account.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type: runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc"
Procedures
To map a specific client certificate to a user account
1. In IIS Manager, expand the local computer, and then expand the Web Sites folder.
2. Right-click the Web site for which you want to configure authentication, and then click Properties.
3. Click the Directory Security tab, and then, in the Secure Communications section, click Edit.
4. In the Secure Communications box, select the Enable client certificate mapping check box, and then click Edit.
5. In the Account Mappings box, click the 1-to-1 tab.
6. On the 1-to-1 tab, either add a new certificate by clicking Add, or edit an existing mapping by selecting the mapping and clicking Edit Map.
7. If you are adding a new certificate, browse to the certificate file and open it.
   Note
   If you cannot find the certificate file, it might first need to be exported. For information about exporting a certificate for use in one-to-one mapping, see Exporting a Client Certificate for One-to-One Mapping.
8. In the Map to Account box, enter a map name for the mapping. This is the name that will be displayed in the selection list in the Account Mappings box.
9. Either type or browse to a Windows user account. Type the password of the account to which the certificate is being mapped.
10. Click OK.
11. Repeat these steps to map other certificates, or to map this certificate to other accounts.
Related Information
For information about how to map a client certificate by using wildcard rules, see Mapping Client Certificates Many-to-One.
For information about when to use each type of client certificate mapping, see Mapping Strategies.
For general information about certificates, see SSL and Certificates.